package com.chocus.core.controller;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.codec.binary.Hex;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.converter.json.MappingJacksonValue;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import com.chocus.common.utils.RequestUtils;
import com.chocus.core.bean.user.Buyer;
import com.chocus.core.service.buyer.BuyerService;
import com.chocus.core.service.buyer.SessionProvider;

@Controller
public class LoginController {

	@Autowired
	private BuyerService buyerService;
	@Autowired
	private SessionProvider sessionProvider;

	@RequestMapping(value = "/login.aspx", method = RequestMethod.GET)
	public String login() {

		return "login";
	}

	@RequestMapping(value = "/login.aspx", method = RequestMethod.POST)
	public String login(String returnUrl, String username, String password, Model model, HttpServletRequest request,
			HttpServletResponse response) {
		// 用户名不嫩为空
		if (username == null) {
			model.addAttribute("error", "用户名不嫩为空");
			return "login";
		}
		// 密码不能为空
		if (password == null) {
			model.addAttribute("error", "密码不能为空");
			return "login";
		}
		// 用户名不正确
		Buyer buyer = buyerService.getBuyerByUsername(username);
		if (buyer == null) {
			model.addAttribute("error", "用户名不正确");
			return "login";
		}
		// 密码不正确
		if (!buyer.getPassword().equals(encodePassword(password))) {
			model.addAttribute("error", "密码不正确");
			return "login";
		}
		// 登录成功
		sessionProvider.setAttribute(RequestUtils.getCSESSIONID(request, response), username);
		return "redirect:" + returnUrl;
	}

	/**
	 * 密码双重加密
	 * 
	 * @param password
	 * @return
	 */
	public String encodePassword(String password) {
		String algorithm = "MD5";
		char[] encodeHex = null;
		try {
			// md5加密
			MessageDigest instance = MessageDigest.getInstance(algorithm);
			byte[] digest = instance.digest(password.getBytes());
			// 16进制加密
			encodeHex = Hex.encodeHex(digest);
		} catch (NoSuchAlgorithmException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		return new String(encodeHex);
	}

	/**
	 * 判断是否已经登录
	 * 
	 * @param returnUrl
	 * @param username
	 * @param password
	 * @param model
	 * @param request
	 * @param response
	 * @return
	 */
	@RequestMapping(value = "/isLogin.aspx", method = RequestMethod.GET)
	@ResponseBody
	public MappingJacksonValue isLogin(String callback, HttpServletRequest request, HttpServletResponse response) {
		// 初始化为未登录
		String flag = "0";
		String username = sessionProvider.getAttribute(RequestUtils.getCSESSIONID(request, response));
		if (username != null) {
			flag = "1";
		}
		MappingJacksonValue mValue = new MappingJacksonValue(flag);
		mValue.setJsonpFunction(callback);
		return mValue;
	}
}
